01d5efe3 | 18-Sep-2021 | Coldfirex <sakison@gmail.com>
Malloc_debug: Fix Wformat-security
Change-Id: I2f891fff74a003aac7774ee91f2c28d5e65a18f7
Reviewed-on: https://review.haiku-os.org/c/haiku/+/4486
Reviewed-by: Adrien Destugues <pulkomandy@gmail.com>

8b9bb054 | 23-Aug-2015 | Michael Lotz <mmlr@mlotz.ch>
libroot_debug: Replace two more uses of printf in guarded heap.
Use the internal print_stdout() instead as done when printing the stack traces.

5dbea469 | 23-Aug-2015 | Michael Lotz <mmlr@mlotz.ch>
libroot_debug: Track freeing thread in guarded heap separately.
Previously the thread member was overwritten with the freeing thread when a page was freed, leading to confusion when hitting unallocated pages due to the debugger message still stating "allocated by thread". Track the freeing thread separately as it might be interesting to know both, which thread initially allocated and which thread eventually freed an allocation.

c4a9344a | 20-Aug-2015 | Michael Lotz <mmlr@mlotz.ch>
libroot_debug: Support alignments > B_PAGE_SIZE in guarded heap.
These are always allocated using an area. The allocation size is increased as to guarantee the availability of a suitable address. The pages between the allocation info and the actual, aligned start address and the pages past the allocation end are then protected.
This commit also fixes corruption of the allocation info for large allocations that used areas. The alignment wasn't taken into account when calculating the amount of space needed. The alignment could then lead to rounding down the allocation start such that it would overlap with the allocation info.

1748116d | 13-Aug-2015 | Michael Lotz <mmlr@mlotz.ch>
libroot_debug.so: Fix missing alignment in guarded realloc.

8fa441bf | 13-Aug-2015 | Michael Lotz <mmlr@mlotz.ch>
libroot_debug: Revert to a legacy default alignment of 8.
This reverts the legacy default alignment (in absence of max_align_t) to 8, as it was before.

f474606e | 12-Aug-2015 | Michael Lotz <mmlr@mlotz.ch>
libroot_debug: Merge guarded heap into libroot_debug.
The individual debug heap implementations are now exposed via a structure of function pointers and a common frontend dispatches the malloc and malloc_debug APIs through them. The MALLOC_DEBUG environment variable can be used to select the guarded heap by adding 'g', otherwise the debug heap is used as the default. Consequently the separate libroot_guarded is not needed anymore and has been removed.
To allow the use of environment variables this early, init_env_post_heap has been added and the heap dependent atfork() moved there. This allowed to fold the code of init_heap_post_env into init_heap so the former has been removed.

3dfbe1a1 | 11-Apr-2015 | Michael Lotz <mmlr@mlotz.ch>
guarded_heap: Use __arch_get_stack_trace() instead of syscall.
The stack base and end addresses are stored in TLS slots that are prepared when enabling stack traces and filled in lazily on use for each thread. This avoids the need of calling get_thread_info to get these values. Also simplifies the code somewhat due to proper frame skipping support.

bd5dea31 | 11-Apr-2015 | Michael Lotz <mmlr@mlotz.ch>
guarded_heap: Replace symbol lookup syscall with runtime_loader.
Use the private runtime_loader API to do the symbol lookup instead of using the syscall.

74c28454 | 10-Apr-2015 | Michael Lotz <mmlr@mlotz.ch>
malloc_debug: Remove condition that is always true.

ec0190ad | 10-Apr-2015 | Michael Lotz <mmlr@mlotz.ch>
malloc_debug: Implement allocation dump on exit in guarded heap.
When enabled (using heap_debug_dump_allocations_on_exit(true) or MALLOC_DEBUG=e) this causes a dump of all remaining allocations when libroot_debug is unloaded. It uses terminate_after to be called as late as possible. When combined with alloc stack traces this makes for a nice if a bit crude leak checker. Note that a lot of allocations usually remain even at that stage due to statically, lazily and globally allocated stuff from the various system libraries where it isn't necessarily worth the overhead to free them when the program terminates anyway.

e26a4e7b | 10-Apr-2015 | Michael Lotz <mmlr@mlotz.ch>
malloc_debug: Also print stack traces when dumping guarded heap.

607ac916 | 10-Apr-2015 | Michael Lotz <mmlr@mlotz.ch>
malloc_debug: Impl. heap_debug_dump_allocations in guarded heap.

158e20e6 | 10-Apr-2015 | Michael Lotz <mmlr@mlotz.ch>
malloc_debug: Implement alloc/free stack traces in guarded heap.
When configured to do so (using heap_debug_set_stack_trace_depth(depth) or MALLOC_DEBUG=s<depth>) the guarded heap now captures stack traces on alloc and free. A crash due to hitting a guard page or an already freed page now dumps these stack traces. In the case of use-after-free one can therefore see both where the allocation was done and where it was freed. Note that there is a hardcoded maximum stack trace depth of 50 and that the alloc stack trace takes away space from the free stack trace which uses up the rest of that maximum.

abf230a9 | 07-Apr-2015 | Michael Lotz <mmlr@mlotz.ch>
malloc_debug: Set default alignment to max_align_t if available.
For it to be available we build malloc_debug in C++11 mode when not using GCC2. Note that max_align_t is not in the std namespace in GCC4 versions prior to GCC 4.9. The extra "using namespace std" is there to be forward compatible once we update.

121655e9 | 04-Apr-2015 | Michael Lotz <mmlr@mlotz.ch>
malloc_debug: Add default alignment option.
This allows for something similar as was implemented in 217f090 but makes it optional and configurable. The MALLOC_DEBUG environment variable now can take "a<size>" to set the default alignment to the specified size. Note that not all alignments may be supported depending on the heap implementation.

b0e31a9c | 04-Apr-2015 | Michael Lotz <mmlr@mlotz.ch>
Revert "malloc_debug: align allocations".
This reverts commit 217f090f9e247d1d4c5644e626642c430fafe4e5. At least for the guarded heap this completely defeats the purpose. If software requires a certain alignment it should request it using memalign explicitly instead of assuming it.

37acb83e | 04-Apr-2015 | Michael Lotz <mmlr@mlotz.ch>
libroot_debug: Fix build of guarded_heap after atomic changes.

217f090f | 04-Mar-2014 | Adrien Destugues <pulkomandy@pulkomandy.tk>
malloc_debug: align allocations
* Align all allocations of more than 8 bytes to 8-byte.
* Avoids hitting ASSERTs in WebKit when built in debug mode (it assumes at least 8 byte alignment)

268ddbd7 | 10-Dec-2011 | Michael Lotz <mmlr@mlotz.ch>
Fix a few function signatures in the guarded heap.
* Not including malloc.h caused the memalign() signature to not be a C signature, therefore leading to linking errors. Fix the missing include and explicitly add extern "C" as well.
* Some remaining asterisk style cleanup.

3de38069 | 10-Dec-2011 | Michael Lotz <mmlr@mlotz.ch>
Update the guarded heap areas after fork.
We don't actually use them for anything yet though.

97680106 | 06-Dec-2011 | Michael Lotz <mmlr@mlotz.ch>
Add a userland version of the guarded heap to libroot_debug.
The guarded heap uses mprotect() to protect freed/unallocated pages so that any access to such a page results in a segfault. It also installs a segfault handler that in such an event prints some info about the accessed page and then calls the debugger with a meaningful message. It implements the same interface as the debug heap so it can simply be swapped out by changing the Jamfile. As it doesn't support most of the extra debug features (wall checking is obviously superfluous, but it also doesn't help in leak checking) and as it is hugely space inefficient I left it disabled for now.

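The mechanism these commits describe (freed pages left mapped but mprotect()ed, guard pages, and a segfault handler that reports what kind of page was hit), reduced to a minimal page-granular allocator as an added example in C; this is not Haiku's libroot_debug code. It assumes a POSIX system with mmap()/mprotect()/sigaction() and a single thread, and the names guarded_init, guarded_alloc, guarded_free, probe and fault_kind are hypothetical; instead of calling the debugger, the handler records its classification and unwinds with siglongjmp() so the result can be inspected.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>

#define MAX_BLOCKS 64
static struct block { char *base; size_t bytes; int freed; } blocks[MAX_BLOCKS];
static size_t block_count;
static sigjmp_buf recover;
static int volatile fault_kind; /* 1 = unrelated address, 2 = guard page, 3 = freed block */

static struct block *find_block(const char *a) {
    for (size_t i = 0; i < block_count; i++)
        if (a >= blocks[i].base && a < blocks[i].base + blocks[i].bytes) return &blocks[i];
    return NULL;
}
/* SIGSEGV handler: classify the faulting address, then unwind back into probe(). */
static void segv_handler(int sig, siginfo_t *info, void *ctx) {
    struct block *b = find_block(info->si_addr); (void)sig; (void)ctx;
    fault_kind = (b == NULL) ? 1 : (b->freed ? 3 : 2);
    siglongjmp(recover, 1);
}
static void guarded_init(void) {
    struct sigaction sa = {0};
    sa.sa_sigaction = segv_handler; sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    sigaction(SIGSEGV, &sa, NULL);
}
/* Whole pages plus a PROT_NONE guard page; end-aligned so the byte past the request hits the guard. */
static void *guarded_alloc(size_t size) {
    size_t ps = (size_t)sysconf(_SC_PAGESIZE), bytes = (size + ps - 1) / ps * ps;
    char *base = mmap(NULL, bytes + ps, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED || block_count == MAX_BLOCKS) return NULL;
    mprotect(base + bytes, ps, PROT_NONE);
    blocks[block_count++] = (struct block){ base, bytes + ps, 0 };
    return base + bytes - size;
}
/* Freed pages are never reused or unmapped, only protected, so any later access faults. */
static void guarded_free(void *ptr) {
    struct block *b = find_block(ptr);
    if (b == NULL || b->freed) return;
    b->freed = 1;
    mprotect(b->base, b->bytes, PROT_NONE);
}
/* Writes ptr[idx] under the handler; returns 0 if fine, otherwise the fault_kind code. */
static int probe(volatile char *ptr, size_t idx) {
    if (sigsetjmp(recover, 1) != 0) return fault_kind;
    ptr[idx] = 'x';
    return 0;
}
```

With a 100-byte block, probe(p, 100) reports the guard page and probe(p, 0) after guarded_free(p) reports a use-after-free, which is the distinction the "allocated by thread" / freeing-thread messages above are there to make.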